The purpose of LinkedIn is to help people make business contacts. It’s natural, then, that if someone wants to become one of your contacts, you will accept them, right? Well, there are people out there who will be happy to become your contact, but who have absolutely no interest in doing business with you. Sure, they are interested in profiting from a connection with you, but not in the way you may think. And it’s unwise to simply brush them aside as harmless, because harmless they are not. Fake contacts do not only negatively affect you, but they can also negatively affect all of the other contacts in your LinkedIn network and, in the end, destroy not only your reputation but your company’s reputation as well.
LinkedIn has come a long way in their ability to uncover fake profiles. This is because the traditional fake profile is relatively easy to spot. According to a study done by Symantec, fake LinkedIn profiles tend to be attractive women claiming to be recruiters. Let me give you an example of some that I found.
My first question about Constance was: Why is she wearing a cowboy hat for a professional profile picture? So I did an image search on Google and found this ad.
I then checked out her company, XONOVIA Technologies. Here is their LinkedIn page.
Hmm, surprisingly little information. They also have a Facebook page with even less information.
But here’s the interesting part. She has at least 30 endorsements, some from company CEOs. She’s even indirectly connected to one of my contacts. That’s disturbing. Her work history is cut and pasted from other recruitment sites such as Upwork. She also went to an unspecified California High School, which seems a bit vague.
But what about all those endorsements? Well, first of all, there’s kind of an unstated rule that if you endorse me, I’ll endorse you. For many, it doesn’t much matter if they are endorsed by someone they don’t know and never worked with. Maybe the person just saw their stunning profile and just couldn’t stop themselves from giving an endorsement. Maybe, but the chances of this are low. The better chance is that these blind endorsers are hoping for a return endorsement that will give them credibility. And if you have a fake profile, you really need credibility to work your angle, whatever that may be. I’m not even going to get into the topic of buying endorsements, but here is what such endorsement-selling firms claim to do. (100 endorsements cost $9)
Also, I noticed on the right side of Constance’s profile was a section called, “People also viewed”, which contained several fake profiles. In other words, although LinkedIn has gone a long way in eliminating many false profiles, there are still many more out there waiting to cause problems.
But what is it they want? Why should someone go through all the trouble of setting up a fake profile? At the lowest level, they just want to crawl around your network trying to pick up information such as email addresses. At higher levels, they may want to gain your trust for a later spear phishing attack on you, someone on your network, or someone in your company.
But why do many of them pose as recruiters? Well, that’s simple enough. Many people join LinkedIn to find jobs. If you’ve ever been out of a job, floundering around in a sea of desperation, you will grasp at any straw that may promise you salvation. If a purported recruiter asks you to send them a resume, you will do so without hesitation. If the recruiter is really a hacker, you’ve just handed over a ton of usable information. “So what?” you may say. So what if a recruiter joins your LinkedIn network? Well, you may be targeted through the information you’ve given away. A person given as a reference on your resume may suddenly contact you and ask you to look at an attachment. A contact could do the same. Unfortunately, they are not who you think they are, and opening an attachment or visiting a suggested website may end up with you having a RAT (remote access Trojan) installed on your device. A RAT enables a criminal to remotely operate your computer and follow you around, taking your picture, recording your chats, stealing your passwords, and sending emails from your account to more of your contacts, hoping to compromise them as well.
Iranian hackers used LinkedIn fake profiles to target individuals in the military, government, oil and gas, energy and utilities, chemical, transportation, healthcare, education, telecommunications, technology, aerospace, and defense sectors. They would establish leader profiles and then build a support network to make these leaders look legitimate. The hackers used profile details of actual company management as well as actual job postings to lead others astray. The purpose of the group seems to be that of gaining access to the networks of major corporations by using a compromised endpoint. They may also be connected with, or identical to, Operation Cleaver, the Iranian, government-supported hacking group which penetrated banks and key infrastructure, including a small dam in northern New York. It was this that got them on the FBI’s most wanted list.
Obviously, these hackers didn’t use their own photos. They may have been smart enough to avoid those attractive model photos that give away so many false profiles. They may have even used photos they got from LinkedIn. Who knows? They may have used your profile picture. In any event, these Iranian hackers produced profiles that looked completely legitimate.
So how do you check to see if a contact is real? Let me use another fake profile to show you what you can do. Here is the profile of another recruiter named Christina Janet.
Well, it’s not a model photo. I did, however, question why this was a profile photo for a professional recruiter, unless it’s to show that recruiting is a depressing job. When you have questions about a profile photo, copy it and paste it into Google’s image search. When I did this with Christina, I found this photo was taken from an article on homeless people. Yeah, but she works for a seemingly real company called Neeyamo and she has a Neeyamo email address. How is this possible?
If you have a question about whether an email address is valid, go to a site like Email Checker. Here is what I found.
That’s odd. Why would she have an email that looked valid but didn’t exist, especially when she asks people to send their resumes to this address? Why did she post job ads? Why does Christina have 3,426 followers and 60 endorsements?
Clearly, Christina wants to look legitimate. She probably has some legitimate followers among those fake ones added to pad her stats. Someday, Christina may send one of her legitimate contacts an email, complete with a LinkedIn logo and format, asking the contact to make a connection to another user. That user may even be legitimate and may check out on LinkedIn. Unfortunately, the receiver of this fake email may decide to click on one of the links. Here are a couple of examples of what the email might look like. One may look like a standard connection request
while others may take the form of a request reminder.
Clicking on ANY link in these emails (including ‘Unsubscribe’) can send you to a page that installs dangerous malware on your device. Again, check the link address by hovering over it with your cursor and reading the true address, often shown in the lower left-hand corner of your screen. Using this technique alone can go a long way toward protecting you from fake LinkedIn emails.
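The hover check described above, done programmatically over a constructed sample message. This is an added example, not code from the original post; the sample HTML, the trusted-domain list and the function names are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a fake "connection request" email body (not a real message):
# the brand cue and visible text say LinkedIn, but two of the hrefs point elsewhere.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>John Smith would like to connect with you on LinkedIn.</p>
<p><a href="http://linkedin.com.example-tracker.invalid/accept?id=1">Accept</a>
   <a href="https://www.linkedin.com/in/johnsmith">View profile</a></p>
<p><a href="http://203.0.113.7/unsub">Unsubscribe</a></p>
</body></html>
"""

TRUSTED_DOMAINS = ("linkedin.com",)  # assumed allow-list for this check


class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs: the same data a hover reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_is_trusted(href, trusted=TRUSTED_DOMAINS):
    """True only if the host is, or is a subdomain of, a trusted domain.
    The suffix test anchors at the end, so 'linkedin.com.evil.invalid' fails."""
    host = (urlparse(href).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in trusted)


def suspicious_links(html):
    """Return the links whose real destination lies outside the trusted domains."""
    parser = LinkCollector()
    parser.feed(html)
    return [(text, href) for text, href in parser.links if not host_is_trusted(href)]
```

Running `suspicious_links(SAMPLE_EMAIL_HTML)` flags the “Accept” and “Unsubscribe” links, the ones whose visible text looks harmless but whose true addresses are not on linkedin.com.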
You may not be so ambivalent about having a fake contact when you find that your bank account has been drained and you can’t figure out how that happened. There are ways to set your LinkedIn privacy settings so you cannot get any contact requests, but that sort of defeats the purpose of LinkedIn. In other words, it’s really up to you to investigate potential LinkedIn contacts. If your potential LinkedIn contact looks too good to be true, she probably is.